Privacy Statement
We need the information you give us to work out whether you are eligible for support and are the data controller for that information. We will assess your entitlement and send you an award notice to tell you how much support you will get from us. We keep your personal information so we can audit our assessment of student support.
The Student Loans Company (SLC) need information to process your application for a student loan and we pass to them the information you give us so they know how much loan to pay you. They will handle the payments and the recovery as appropriate and are the data controller for that information. The SLC will have to keep your personal information for these purposes. The SLC may use your information to maintain or develop their systems. They will also give information to the Department for Work and Pensions to confirm your National Insurance and will work with HM Revenue and Customs to collect loan payments.
SAAS has a duty to protect the public funds it administers, and to this end will use and share the information you provide in the application form with other organisations for the purposes of ensuring you remain eligible for support. This includes sharing data with the SLC (who pay loans to students on our behalf) who may carry out checks with appropriate bodies like the Identity and Passport Service (IPS) and DWP to ensure that loans are and continue to be paid to the correct person and who in turn will share that information with SAAS. To ensure that student support is paid only to students continuing to attend a higher education institution, information is shared with SLC and Universities and Colleges so that other information relating to students’ attendance, withdrawals and temporary absences can be collected.
For further information on how your information is used, how we manage the security of your information, and your rights to access information we hold on you, please contact - SAAS Data Protection Officer, Gyleview House, 3 Redheughs Rigg, EDINBURGH, EH12 9HH
Prevention of Fraud
SAAS will use the information you have provided on your application form for the prevention and detection of fraud and will also share this information with other bodies responsible for auditing or administering public funds for these purposes. We may request information from other organisations for the purposes of ensuring that you remain eligible for support and that the level of support awarded is correct.
SAAS actively participates in the National Fraud Initiative. On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of this authority. Audit Scotland also assists appointed auditors by conducting the National Fraud Initiative which is a data matching exercise.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
Under the National Fraud Initiative we are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland’s handbook, which can be found at http://www.audit-scotland.gov.uk/work/nfi.php. The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority; until October 2010, under auditors’ powers in Section 100 of the Local Government (Scotland) Act 1973 and Section 53 of the Local Government in Scotland Act 2003. These powers may also be used, where appropriate, after October 2010. From October 2010, under new data matching powers expected to be included at Part 2A of the Public Finance and Accountability (Scotland) Act 2000 (as amended by Section 70 of the Criminal Justice and Licensing (Scotland) Act 2010). It does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by Audit Scotland is subject to a Code of Data Matching Practice. This may also be found at http://www.audit-scotland.gov.uk/work/nfi.php. For further information on Audit Scotland’s legal powers and the reasons why it matches particular information, see the Level 3 fair processing notice at http://www.audit-scotland.gov.uk/work/nfi.php or contact the SAAS National Fraud Initiative Key Contact at - SAAS Fraud Team, Gyleview House, 3 Redheughs Rigg, Edinburgh, EH12 9HH’.